25 matches found
CVE-2026-43918
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php loggedinclient and loggedinadmin...
CVE-2026-43918
FOSSBilling before 0.8.0 does not invalidate existing sessions for suspended or inactive accounts. The session identity loaders (loggedin_client and loggedin_admin) only reject sessions if the backing account record no longer exists; they do not check that the account’s status remains active. Thi...
EUVD-2026-31364
For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...
PT-2026-42557
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description The OAuth 2.0 Authorization-Code Handler fails to verify account status. This allows users who are suspended, banned, or terminated employees, specifically those with the uIsActive variable set ...
CVE-2017-18443
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding SEC-247...
BIT-MASTODON-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
CVE-2025-62175
Mastodon has a vulnerability in streaming API handling: in versions < 4.4.6, < 4.3.14, and
CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users
Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...
Mastodon 安全漏洞
Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from failing to disconnect from the Streaming API when disabling or suspending a...
EUVD-2017-9559
Malware in sbrugna...
EUVD-2007-2588
Malware in sbrugna...
USN-6761-1: Anope vulnerability
It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...
USN-6761-1 anope vulnerability
It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...
DEBIAN-CVE-2024-30187
Anope before 2.0.15 does not prevent resetting the password of a suspended account...
PT-2024-23238 · Anope +3 · Anope +3
Name of the Vulnerable Software and Affected Versions: Anope versions prior to 2.0.15 Description: The issue allows resetting the password of a suspended account. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where th...
Guidance on Microsoft Signed Drivers Being Used Maliciously
Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program MWHDP were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the...
SUSE CVE-2018-1082
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site...
Twitter Suspends Accounts Used to Snare Security Researchers
Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group TAG in January an...
Bot Mafias Have Wreaked Havoc in 'World of Warcraft Classic'
Blizzard has suspended or closed over 74,000 accounts in the last month, as bots have upended the game's economy...